post-processing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill exhibits a significant attack surface by ingesting untrusted simulation data which is then used to parameterize shell commands.
  - Ingestion points: Simulation output files such as results/field_0100.json and results/history.json (SKILL.md).
  - Boundary markers: Absent; no delimiters or instructions to ignore embedded content are present when processing external file content.
  - Capability inventory: Bash, Write, Read, and Python subprocess execution for analysis scripts (SKILL.md).
  - Sanitization: Absent; there is no evidence of path validation or field name sanitization.
- [Dynamic Execution] (MEDIUM): The statistical_analyzer.py and derived_quantities.py scripts accept complex logical strings (e.g., --region "x>0.3 and x<0.7"). This indicates a potential use of eval() or exec() for runtime expression parsing, which can lead to code execution if input data influences these strings.
- [Command Execution] (MEDIUM): The workflow uses the Bash tool to construct and execute Python commands via string interpolation. Without strict escaping or the use of argument lists, this pattern is susceptible to shell injection through malicious file paths or field metadata.
Recommendations
- AI detected serious security threats